Threat Intelligence Blog

Data Breach Alert: 40 Million U.S. Voter Records for Sale

Posted July 31, 2017

Over the past few weeks, LookingGlass Cyber Solutions has tracked the leak, in an underground forum, of nearly 40 million U.S. voter records from eight different states. The stolen data contains the personal and sensitive information of current and former voters from the following states:

Arkansas – 1.7 million

Colorado – 3.5 million

Connecticut – 2.6 million

Delaware – 645,000

Florida – 13.7 million

Michigan – 7.4 million

Ohio – 7.9 million

Oklahoma – 2.2 million

The stolen information includes:

Voter ID

County ID

Last Name, First Name, Middle Name

Date of Birth

Registration Date

Voter Status

Party Affiliation

Residence Address/City

Mailing Address (if different from residence)

School District

Municipal Court District

State Representative District

State Senate District

Congressional District

The threat actor “Logan” advertised this information for sale on RaidForums, and is intimating that he/she may possess as many as 20-25 additional state voter databases. RaidForums focuses on database leaks and any type of 4chan raiding. At this time, it is still unknown whether Logan is behind the hack or just leaked the information.

The most interesting part about this leak is that it appears Logan sold the Arkansas and Ohio databases for $2 each, totaling $4 for almost 10 million records. Such a low return on investment for such valuable information indicates the actor did not do this for monetary reasons.

The cyber threat to U.S. voting emerged as a national security concern during the 2016 elections. The U.S. government believes that Russian government-sanctioned actors were involved in the hacking of 39 states’ election systems. However, it’s important to note that there is not enough evidence to tie Ohio and Arkansas’ hacking to Russia.

Regardless of whether this leak is connected to Russia, the repercussion for victims is that this information can, and most likely will, be used for additional criminal acts and monetization.

The prevalence of data breaches across all organizations, agencies, and industries underscores the importance of having heightened cybersecurity measures in place. This, along with the fact that the leak does not appear to be for financial purposes, emphasizes the need for an always-on approach to protecting your networks and your employee and customer information.